What do you mean by "locked"?


There are a few different things that people might mean when they say their phone is “locked”. I wanted to provide this post to help define the different types of lock.

 

SIM Locked

This typically means that the phone will only work on the network of one specific operator. This is handled by the GSM network and doesn’t have anything in particular to do with the Windows Mobile software itself. More info

Bootloader Locked

In many cases, Windows Mobile devices can only be reflashed by the OEM or operator. The “bootloader lock” typically refers to this state. The bootloader is the very first part of the phone that starts up, and it usually has the capability to enter a reflash mode or various other debug or diagnostic modes.

Application Locked

This term is a little bit ambiguous. In the most strict meaning, it means that the device can’t run unsigned code and that most settings and the registry entries can’t be changed by the end user. Sometimes the term is used to refer to the default settings on a two-tier Smartphone device, where unsigned code runs at the “normal” trust level and only some settings and APIs can’t be used. If there is interest, I can do a followup post with more detail on what this means and ways to tweak this state on development devices.

PIN Locked (or Device Locked)

This refers to the device state where you need to enter your PIN (or password) to unlock and use the device. Internally we call it “device lock” but “PIN lock” is probably more clear. There’s also “key locked” where most keypresses don’t register except the unlock key.

SIM PIN Locked

The SIM itself can require a PIN in order to change settings or use the phone features at all. If the PIN is entered incorrectly enough times, the SIM will lock down and you have to get an unlock code (PUK) from the operator to continue. This functionality is implemented entirely on the SIM – all the Windows Mobile software does is pass the PIN code from you to the SIM

I’m moderating this post, so please don’t post links to various unlock sites and resources – I won’t post those comments for various different reasons including our partner relationship with OEMs and operators.

 

Scott


Comments (20)

  1. Henry Boehlert says:

    I know automobile analogies are stupid but I can’t resist …

    Let’s say you can buy a certain fancy type of car, but it only allows you to go to a certain groceries store with your mom, would you buy it?

    And if it was the only way to get to that groceries store?

  2. JasperM says:

    Its also interesting to note where these lock codes reside as well.  For instance all of the above reside on the phone, except for the PIN Locked code.  This can be seen by enabling a PIN lock on the handset, then changing the SIM card to another phone, the lock code will follow the SIM.

    Also, as a result of entering the PIN code incorrectly too many times there is a PUK code which also resident on the SIM card, and must be obtained from a service provider.

    PIN lock shouldn’t be confused with a Phone Lock which is a code that is resident on the handset and not on the SIM card.

    -JasperM

  3. scyost says:

    Hi Jasper,

    You’re right, there is another type of lock lurking in there. I named that one "SIM PIN lock" and added it above. The one you’re calling "Phone lock" is "Device lock" above.

    SIM and SIM PIN lock are handled by the SIM. Device Lock , key lock, and application lock (all the security policies) are handled by the operating system. The bootloader lock is handled in the bootloader, which is technically a very small separate operating system.

  4. JasperM says:

    You don’t have to allow this to post, but I am fairly certain that the Network lock, (NUK or NCK) is device specific and not carried with the SIM card.  When a device is unlocked that unlock information is stored on the device itself.  You are unlocking the phone, not the SIM.

    There is a way to SIM lock a SIM to a phone, so that the phone only works with that SIM, but that is different than the Network Lock.

    -JasperM

  5. scyost says:

    The farther we get away from device security and into GSM and operator networks, the more likely it is that I will be wrong. :)

  6. MikeCal says:

    Henry, I think this analogy is more accurate.  Take your favorite gasoline station.  Say that they started reselling cars for a discount.  You get the same car as you would have at the dealer, but it costs half as much.  The downside is that there’s a lock on the gas tank that only allows you to put gas from that company in it.

    That’s what’s happening when you buy a phone from a mobile opperator.  The MO charges you considerably less than they paid for the phone and expects to make that loss up in you using their service.

    If you don’t like that restriction, you can always go to places like expansys.com and pay full price for an unlocked phone.  Beware, though.  You might be shocked when you learn what these things really cost.

    Mike

  7. Scott, more detail on application locking and ways to tweak the state of application locks on development devices would be most welcome.  Thanks.

  8. Unlocked phone user says:

    True MikeCal, you can pay full price to get an unlocked phone, but what really bugs me is the carrier don’t offer a plan for "already have a phone" and still charge the same monthly fee.  Similarly, when the period they amortize the hardware discount is over (i.e. the 1 or 2 year contract), if we don’t want more hardware we are still stuck paying as if we did.  All the companies do this (collusion?), so you can’t just pick a competitor that doesn’t.

  9. Ben Thomas says:

    The car analogy (first post) is flawed.  It is more like this.  You can buy some cars that can only travel on roads (locked phone) and others that can go anywhere, eg. 4WD.  The reason this analogy is more appropriate, is that some drivers don’t want to go off road, as the risk is too great for them.  Likewise, some users don’t want to be able to run any code, as the risk is too great for them.

  10. jerad says:

    more detail on application locking would be wonderful.

  11. modgnik says:

    Att Unlocked phone user. Virgin Mobile S Africa do not offer contracts, only PAYG.

    You may purchase competitively priced phones for cash or on credit (subject to credit worthiness) or bring your own phone. Their pricing structure is cheaper for voice and data than their competitors’ PAYG packages. Virgin data per mb in particular is one quarter the price of the other 3 carriers. (ie. usa 7c per mb!)

    Even so, Virgin are struggling to break the ‘mind set’ of the so called ‘free phone’. I myself will not be renewing my contract on expiry as I don’t need an upgrade to my SP5 or the ‘free mins’. My primary method of communication is now push email and worldwide sms at 1c euro. I surf the net on a secondary 3G/WiFi Smartphone via Virgin. What a pleasure!

  12. Chris says:

    More details on the application lock would be just lovely.

  13. Jacco de Leeuw says:

    The European Union has stipulated that telecom operators must supply an unlock code for subsidised SIM locked devices, upon request, one year after the start of a contract. No such requirement for bootloader locks and application locks.

    I think that’s unfair. Once your contract has expired you should be able to do what you want with your device. Full access to the registry, run unsigned binaries, install Linux, hit it with a sledgehammer etc.

  14. We talk a lot about security and signing apps, we don’t spend enough time talking about how it all works

  15. Dave Field says:

    Thanks for the rundown on locks, Scott.

    One other lock that is not prevalent:

    Phone Locked SIM – the SIM cannot be used in phones from a different MO.  China Mobile utilizes this.  

  16. Darren says:

    Regarding "PIN Lock"…

    Maybe I’m doing something different to the rest of the universe, but I want a lock which requires me to enter a password if the device is booted or turned on etc, and maybe an auto lock which will kick in after a certain time of in activity has passed.

    So I think to myself… I’ll just set the device lock to zero minutes (given that Windows Mobile doesn’t provide independant settings for "boot up" device lock and "time out" device lock like virtually every other mobile phone) and simply remember to turn it off when I’ve finished using it… but no, zero minutes doesn’t mean it only asks me for a PIN when I turn it on, it means "bug me for a PIN every time I stop using the device for a minute". WHY????

    And where’s the option, even when setting the device to ask for a PIN after a certain period of inactivity, to set the lock function not to kick in while the device is connected to a PC etc? If I’ve got it connected to a PC with which it has a sync partnership, aren’t the chances pretty good that I’m either at home or at work and that I can judge for myself whether I can safely leave the device unlocked until it’s disconnected from the PC?

    The PIN/Device lock function in Windows Mobile is yet another one of those infuriating annoyances that make using a phone running the WM operating system an exercise in frustration.

  17. Ahmed Essam says:

    I have K-JAM it was working good with debuging in development stuff

    now I think it got "Application Locked" suddenly, whcih means I can’t do anything on it, even simple deploy for the application,,

    Please I don’t know what to do? please advise

  18. kelly says:

    i locked myself out of my phone by changing the pin code and when i turn my phone on it wont let me in it says phone locked how do i unlock it??

  19. David S says:

    Hi, Scott

    Thanks a lot for such useful post. I have further question about PIN lock (Device Lock).

    Is this feature ment to disable more then just RAPI? Is it possible that when enabled, it blocks WiFi or Cellular connection?

    In my particular case the VoIP application developed by my team works fine when device is locked. But it will not be able to connect to the server after device will be restarted. The app currently runs over WiFi and uses WinSock to maintain its’ SIP and RTP connections.

    Thanks ahead,

    David

  20. scyost says:

    Hi David,

    Pin lock definitely doesn’t tear down the cell connection, or else you wouldn’t ever get new mail while the device is locked. I don’t think it has any interaction with wifi either. Maybe it’s the power manager turning off the wifi when the device is inactive? I’m not sure.